CVE-2022-25020

Removed by vendor...

PluXml 跨站脚本漏洞

PluXml is a content management system that does not require a database to work.A cross-site scripting vulnerability exists in PluXML version 5.8.7. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a payload in the thumbnail path of a blog post...

HTMLy 跨站脚本漏洞

Htmly is a PHP-based blogging platform. version 2.8.1 of Htmly is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary web script HTML via a specially crafted payload in the blog post content field...

WordPress Full Page Blog Designer plugin <= 1.0.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Full Page Blog Designer plugin versions = 1.0.2. Solution No patched version available...

WordPress Print My Blog plugin < 3.11.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Print My Blog plugin versions 3.11.4. Solution Update the WordPress Print My Blog plugin to the latest available version at least 3.11.4...

WordPress ConeBlog – WordPress Blog Widgets plugin <= 1.4.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress ConeBlog – WordPress Blog Widgets plugin versions = 1.4.5. Solution Update the WordPress ConeBlog – WordPress Blog Widgets plugin to the latest available version at least 1.4.6...

WordPress News & Blog Designer Pack – WordPress Blog Plugin plugin < 2.3.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress News & Blog Designer Pack – WordPress Blog Plugin plugin versions 2.3.1. Solution Update the WordPress News & Blog Designer Pack – WordPress Blog Plugin plugin to the latest available version at least...

WordPress News & Blog Designer Pack – WordPress Blog Plugin plugin < 2.3.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress News & Blog Designer Pack – WordPress Blog Plugin plugin versions 2.3.1. Solution Update the WordPress News & Blog Designer Pack – WordPress Blog Plugin plugin to the latest available version at least 2.3.1...

WordPress Blog Sidebar Widget plugin <= 1.0.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Blog Sidebar Widget plugin versions = 1.0.5. Solution No patched version available...

WordPress WP Tools Divi Blog Carousel plugin <= 1.2.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WP Tools Divi Blog Carousel plugin versions = 1.2.0. Solution Update the WordPress WP Tools Divi Blog Carousel plugin to the latest available version at least 1.3.0...

WordPress WP Tools Divi Blog Carousel plugin <= 1.2.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WP Tools Divi Blog Carousel plugin versions = 1.2.0. Solution Update the WordPress WP Tools Divi Blog Carousel plugin to the latest available version at least 1.3.0...

WordPress Full Page Blog Designer plugin <= 1.0.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Full Page Blog Designer plugin versions = 1.0.2. Solution No patched version available...

WordPress Print My Blog plugin < 3.11.4 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Print My Blog plugin versions 3.11.4. Solution Update the WordPress Print My Blog plugin to the latest available version at least 3.11.4...

WordPress Blog Navigator Chatbot by Xatkit plugin <= 2.1.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Blog Navigator Chatbot by Xatkit plugin versions = 2.1.3. Solution Update the WordPress Blog Navigator Chatbot by Xatkit plugin to the latest available version at least 2.1.4...

Friday Squid Blogging: Squid Videos

Here are six beautiful squid videos. I know nothing more about them. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. EDITED TO ADD 2/25: This post accidentally went live on Wednesday, two days...

CVE-2022-24374

Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows ...

CVE-2022-24374

Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows ...

CVE-2022-24374

Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows ...

CVE-2022-23810

Template injection Improper Neutralization of Special Elements Used in a Template Engine vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to...

CVE-2022-23916

Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows ...